CVE-2021-38950
First published: Mon Dec 13 2021(Updated: )
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM MQ for HPE NonStop | <=8.1.0 | |
| IBM MQ for HPE NonStop | <=8.0.4 | |
| IBM MQ for HPE NonStop | =8.0.4 | |
| IBM MQ for HPE NonStop | =8.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM MQ on HPE NonStop vulnerability?
The vulnerability ID is CVE-2021-38950.
Which versions of IBM MQ for HPE NonStop are affected by this vulnerability?
IBM MQ for HPE NonStop versions 8.0.4 and 8.1.0 are affected.
What is the severity of CVE-2021-38950?
The severity of CVE-2021-38950 is high, with a CVSS score of 7.8.
What is the risk of this vulnerability?
This vulnerability allows for privilege escalation attacks when SharedBindingsUserId is set to effective.
How can I fix this vulnerability in IBM MQ on HPE NonStop?
IBM has provided a fix for this vulnerability. Refer to the IBM support page (https://www.ibm.com/support/pages/node/6525810) for more information.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/trending
- vendor/ibm
- canonical/ibm mq for hpe nonstop
- version/ibm mq for hpe nonstop/8.0.4
- version/ibm mq for hpe nonstop/8.1.0